Brian Krebs is a journalist focused on cybercrime. His 2014 book, Spam Nation: the Inside Story of Organized Cybercrime -from Global Epidemic to Your Front Door, is an excellent read for anyone interested in this common form of crime. He opens the ebook version with an explanation of the title, which I think is helpful.
This book isn’t just about spam. By the end, Krebs has walked you through issues of where spam is hosted and why it’s hard to shut down. He explains botnets, the spammer community, and discusses both the malware they distribute as well as attacks they made on their opponents (and business partners!).
I was skeptical when I picked it up but it’s both a well-written and fascinating read. Krebs drives the story through the conflict between two successful spammers. He introduces a panoply of related characters, both with his own prose as well as their ICQ chat history.
He corrected two misconceptions that I had. First, that the people who click on spam are idiots. He spoke to some of the people who purchased drugs through spam links and found some rational reasons for their doing so. In fact, the discussion of buyers in Chapter 4 is as much about the high cost of pharmaceuticals in the US and the lower cost in India and China as it is spam.
That spam was, in the case of pharma, a business enabler also surprised me. I’d assumed that all spam was essentially to deliver a negative payload (malware, viruses, etc.). Much of it is. I’ve never clicked on a link, but was surprised that people who did sometimes actually got what they were paying for.
The book wraps up with an interesting timeline of government takedowns of botnets and the tightening of credit card payment systems. Krebs notes the rise in ransomware and gives a good explanation of its impact. He even includes an epilogue with tips on better password management and keeping systems patched. Unpatched routers and PCs are part of the reason the botnets and spammers are so successful.
I find this sort of book – and Joseph Menn‘s, which Krebs mentions – fascinating. As an end recipient of a great deal of spam, running my own e-mail servers as well as e-mail accounts, it is a part of every day Internet life. Krebs tells an interesting story about where it comes from and why.